Welcome, Guest. Please login or register. Did you miss your activation email?

Author Topic: How can i encrypt my network traffic  (Read 10097 times)

0 Members and 4 Guests are viewing this topic.

Krosan

  • Newbie
  • *
  • Posts: 10
    • View Profile
How can i encrypt my network traffic
« on: February 10, 2010, 10:29:23 am »
Hello

is there a way in sfml to encrypt the network connectivity?
or do i need an other libary for encrypting and send it then with sfml? have anybody some experience how to do this?

thanks

manuel

Laurent

  • Administrator
  • Hero Member
  • *****
  • Posts: 32498
    • View Profile
    • SFML's website
    • Email
How can i encrypt my network traffic
« Reply #1 on: February 10, 2010, 10:53:33 am »
SFML cannot do that, you'll need another library.
Laurent Gomila - SFML developer

Krosan

  • Newbie
  • *
  • Posts: 10
    • View Profile
How can i encrypt my network traffic
« Reply #2 on: February 10, 2010, 12:17:51 pm »
Quote from: "Laurent"
SFML cannot do that, you'll need another library.


ok does somebody have any experience with another libary which can do this? or have somebody a libary just for encryption that i can send it over sfml

thanks

T.T.H.

  • Full Member
  • ***
  • Posts: 112
    • View Profile
How can i encrypt my network traffic
« Reply #3 on: February 11, 2010, 10:54:11 am »
Cryptography is a quite complex topic where the devil is within the details.

First you should become clear for yourself about what exactly you want when saying "encrypt the network connectivity". Then you tell us that. Then we might make suggestions. But without knowing what exactly you want to do it's hard to make any serious suggestions regarding cryptography.

Some links:

public key cryptography (assymetric encryption/decryption)
http://en.wikipedia.org/wiki/Public-key_cryptography

block ciphers (symmetric encryption/decryption)
http://en.wikipedia.org/wiki/Block_cipher

On the bottom of those pages are plenty algorithms listed.

Krosan

  • Newbie
  • *
  • Posts: 10
    • View Profile
How can i encrypt my network traffic
« Reply #4 on: February 15, 2010, 08:30:46 am »
Quote from: "T.T.H."
Cryptography is a quite complex topic where the devil is within the details.

First you should become clear for yourself about what exactly you want when saying "encrypt the network connectivity". Then you tell us that. Then we might make suggestions. But without knowing what exactly you want to do it's hard to make any serious suggestions regarding cryptography.

Some links:

public key cryptography (assymetric encryption/decryption)
http://en.wikipedia.org/wiki/Public-key_cryptography

block ciphers (symmetric encryption/decryption)
http://en.wikipedia.org/wiki/Block_cipher

On the bottom of those pages are plenty algorithms listed.


Hello sorry for the slow response

i just need to transfer some variables encrypted and i hoped that there is an libary existing which could do that for me because i know that the topic is very complex.

best would be if i could give my variables / strings + key to the libary and get out the encrypted variable, and can send it with the sfml libary over the network to get my information back on the other computer there

maybe you know one?

thx

T.T.H.

  • Full Member
  • ***
  • Posts: 112
    • View Profile
How can i encrypt my network traffic
« Reply #5 on: February 15, 2010, 10:47:41 am »
Do you have a client-server-model or a peer-to-peer-model?
What is the underlying network protocol?
- HTTP over TCP
- TCP
- UDP
- etc.
Which side wants to send encrypted data first?
- client to server
- server to client
- somebody to somebody
Does the other side want to send encrypted data back?
How much encrypted data do you want to send?
How "strong" must the encryption be?
- "just being able to detect network transmission errors"
- "just prevent my little brother from reading my network traffic"
- "just prevent some person with a plain text network sniffer from reading my traffic"
- "just prevent some dedicated person with cryptography knowledge from reading my network traffic"
- "just prevent a group of hackers from penetrating my network"
- "just prevent the CIA from stealing my pr0n"

Sorry, without some answers on those question I can't really give you a meaningful suggestion.

K-Bal

  • Full Member
  • ***
  • Posts: 104
    • View Profile
    • pencilcase.bandcamp.com
    • Email
How can i encrypt my network traffic
« Reply #6 on: February 15, 2010, 12:57:04 pm »
Quote from: "Laurent"
SFML cannot do that, you'll need another library.


But encryption is possible by deriving from sf::Packet or am I wrong?
Listen to my band: pencilcase.bandcamp.com

Laurent

  • Administrator
  • Hero Member
  • *****
  • Posts: 32498
    • View Profile
    • SFML's website
    • Email
How can i encrypt my network traffic
« Reply #7 on: February 15, 2010, 02:01:56 pm »
Quote
But encryption is possible by deriving from sf::Packet or am I wrong?

Absolutely, a class derived from sf::Packet is a very good place to put the encryption functions, so that it can be performed automatically. I think that there is an example in the network tutorials.
Laurent Gomila - SFML developer

Krosan

  • Newbie
  • *
  • Posts: 10
    • View Profile
How can i encrypt my network traffic
« Reply #8 on: February 15, 2010, 05:19:39 pm »
Quote from: "T.T.H."
Do you have a client-server-model or a peer-to-peer-model?
What is the underlying network protocol?
- HTTP over TCP
- TCP
- UDP
- etc.
Which side wants to send encrypted data first?
- client to server
- server to client
- somebody to somebody
Does the other side want to send encrypted data back?
How much encrypted data do you want to send?
How "strong" must the encryption be?
- "just being able to detect network transmission errors"
- "just prevent my little brother from reading my network traffic"
- "just prevent some person with a plain text network sniffer from reading my traffic"
- "just prevent some dedicated person with cryptography knowledge from reading my network traffic"
- "just prevent a group of hackers from penetrating my network"
- "just prevent the CIA from stealing my pr0n"

Sorry, without some answers on those question I can't really give you a meaningful suggestion.


its a client to server connection over the internet with UDP

the first sending should be from the client

Does the other side want to send encrypted data back?
yes both should encryped there data cleint & server

How much encrypted data do you want to send?
hard to say 2-10 KB/s
max 100 clients
so 200-1000 KB/s

How "strong" must the encryption be?
- "just prevent the CIA from stealing my pr0n"
who said that to you?^^

 should be enought if not everybody who loaded some files from the internet can enter.
but if the key is stronger its better for me.

Quote from: "Laurent"
Quote
But encryption is possible by deriving from sf::Packet or am I wrong?

Absolutely, a class derived from sf::Packet is a very good place to put the encryption functions, so that it can be performed automatically. I think that there is an example in the network tutorials.


 thx , but i also searching for an libary which can encryp the data, but when i found one maybe i can use this

thx for the help

T.T.H.

  • Full Member
  • ***
  • Posts: 112
    • View Profile
How can i encrypt my network traffic
« Reply #9 on: February 16, 2010, 05:49:48 pm »
Ok, way better now. My suggestion is the following (and please note that I'm not an expert in cryptography, just a guy who solved a very similar problem like you have):

-----

1. generate good (pseudo) random numbers (at the client)

Forget rand(). Now. Instantly. Ignore that it ever existed. It's just plain bad for anything involving cryptography.

SFML's Randomizer::Random uses rand(). You've been warned.

Here is a list of decent random number generators:
http://en.wikipedia.org/wiki/List_of_pseudorandom_number_generators

Here is a nice, short paper describing a couple of algorithms:
http://www.lomont.org/Math/Papers/2008/Lomont_PRNG_2008.pdf

Several libraries already include decent pseudo random number generators, e.x. Boost has Boost.Random.

Linux has /dev/random

Windows has CryptGenRandom


preview for 3. use a random number as key for symmetric encryption

Coming later...


2. exchange the random number securely

You must get your random number securely(!) from the client to the server. You can use asymmetric encryption (public key cryptography) to do that.

One choice would be the Diffie-Hellman key exchange:
http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange

Another choice would be to use the famous asymmetric encryption algorithm RSA:
http://en.wikipedia.org/wiki/RSA

In that case of RSA you would simply use the OpenSSL command line tool to generate a public key / private key pair. Hardcode the public key in the client code (and give the client to your users) and hardcode the private key in the server (and never, ever give out the server or the private key to anybody). Then you could include the OpenSSL library in both your client and your server to send a piece of encrypted data from the client to the server. This piece of encrypted data includes the aforementioned random number and e.x. login credentials like username and password. On Linux using OpenSSL is simple, on Windows using OpenSSL is a pain in the ass.

Unfortunately most libraries including asymmetric encryption algorithms are huge bloatware - but the topic is a quite difficult one, not to be solved simple.

Please note that asymmetric encryption does a lot of number crunching on the CPU so it's used rarely, e.x. only once during login for each connection, while the rest of the transmission of the connection is done with the way "cheaper" (CPU load wise) symmetric encryption.


3. use a random number as key for symmetric encryption

After both the client and the server known your random number -and nobody else does since you transmitted the key securely- you can use that random number as a key for a symmetric encryption (block ciphers).

Like Wikipedia says AES, Blowfish and Twofish are commonly used algorithms which should have plenty implementations flying around. Interesting is the TEA/XTEA family of block ciphers as they are meant to be very small, very simple, very fast but still secure enough. The whole C code for XTEA is on it's Wikipedia page.


-----

Rakknet, another well known UDP based network library, includes a very similar mechanism to what I explained above. The documentation for its so called "secure connections" can be found below, maybe this will help your understanding:
http://www.jenkinssoftware.com/raknet/manual/secureconnections.html

Finally I want to say that it will take you a lot of time to do it "right". And afterwards you will find out that what you considered "right" has some flaws. And then it will take you even more time to fix the flaws. Sorry if that sounds pessimistic, but I've spent my fair share of time on it and I made my fair share of mistakes. Maybe I just want to encourage you to check your priorities: how important is the encryption currently in comparison with other features of your project?

One way or the other good luck with your efforts!

Krosan

  • Newbie
  • *
  • Posts: 10
    • View Profile
How can i encrypt my network traffic
« Reply #10 on: February 17, 2010, 09:47:45 am »
ok thx for the good answer, i see its very hard do do, but i think i have to do it, its important for that, because there are some datas that i can not send over the internet without encryption.

Quote

Finally I want to say that it will take you a lot of time to do it "right". And afterwards you will find out that what you considered "right" has some flaws. And then it will take you even more time to fix the flaws. Sorry if that sounds pessimistic

its not pessimistic its realistic i think, i'm sure that it will take a lot of time, thats then hard to find problems in the communications and that it brings a lot of problems, maybe i have to edit much of my code.
i will see
thx for your help[/quote]

ncarrasco

  • Newbie
  • *
  • Posts: 9
    • View Profile
How can i encrypt my network traffic
« Reply #11 on: February 17, 2010, 05:52:39 pm »
You can use http://www.cryptopp.com/ library.

Best,
Nicolas.

Krosan

  • Newbie
  • *
  • Posts: 10
    • View Profile
How can i encrypt my network traffic
« Reply #12 on: February 17, 2010, 10:04:47 pm »
Quote from: "ncarrasco"
You can use http://www.cryptopp.com/ library.

Best,
Nicolas.


thx a lot that looks like the libary i serached for  :D

 

anything